Creating SSH Tunnels in Linux

Posted on July 2nd, 2008 in Networking, Security by admin

Many of us have been in this scenario - you’re on the move, using a random WiFi connection that you can get. You want to browse around to all your favourite sites, including ones where you log in over normal HTTP, but you’re not entirely convinced of the security of the connection, so you don’t.

If you have access to pretty much any server running SSH where you can log in, you can set up a secure tunnel to route all of your data through, using nothing more than what you already have. It is kind of like a very simple VPN that you can set up on the fly.

Import PeerGuardian Blocklists into Ktorrent & Deluge

Posted on June 30th, 2008 in Applications, Networking by admin

Many lovers of PeerGuardian are out there, and some just happen to use Linux. Luckily we have BitTorrent clients that support PeerGuardian blocklists directly in the client, rather than affecting our entire internet connection. This is a rather simple procedure for both Ktorrent and Deluge.

Note: Blocklists are not foolproof protection and can come with their own problems. Please read up on the effectiveness of blocklists. That being said, every little bit helps.

Also See:

  1. Basics of iptables
  2. Iptables: How to save and restore rules at boot & shutdown
  3. Beating Sandvine on Linux with iptables
  4. How to Encrypt Bit Torrent Traffic With Ktorrent and Azureus

Beating Sandvine on Linux with iptables

Posted on June 21st, 2008 in Networking, Security by admin

Multiple sites reported a while ago that Comcast was using Sandvine to send TCP reset packets to throttle the BitTorrent connections of their users. This practice may be a thing of the past, as it has been found that a simple rule in the Linux firewall, iptables, can block their reset packets, returning your BitTorrent to normal speeds and allowing you to once again connect to all your seeds and peers. So, if you are tired of Sandvine (the application used by Comcast to throttle BitTorrent with fake TCP packet resets) screwing with your BitTorrent and you are a user of GNU/Linux, then this is for you. I will tell you how to take your bandwidth back.

Also see:

  1. Basics of iptables
  2. Iptables: How to save and restore rules at boot & shutdown
  3. How to Encrypt Bit Torrent Traffic With Ktorrent and Azureus
  4. Import PeerGuardian Blocklists into Ktorrent & Deluge

How To Add a Welcome Message for SSH Users

Posted on June 6th, 2008 in Networking by admin

Here is a quick tip on how to add a welcome message for your SSH users.

If you want users to see a banner welcome message when connecting to your SSH server, you need to turn on the banner configuration of SSHd and then create a banner file.

How to find out what IPs are being used on your subnet

Posted on June 6th, 2008 in Networking, Security by admin

# nmap -v -sP 192.168.1.0/24

You can replace the 192.168.1.0/24 address with whatever your IP and subnet are.

Also, for a cleaner output that removes the lines that tell you an IP is not used, try the following:

# nmap -v -sP 192.168.1.0/24 | grep -v "appears to be down"

Filter Out RIAA/MPAA with PeerGuardian on IPCop

Posted on June 5th, 2008 in Networking, Security by admin

Have a network that you’d like to protect from malicious organizations? Well, we’re in luck: we can now add PeerGuardian at the router level on IPCop-based routers.

The install is rather simple. First things first, of course: you must have IPCop installed. Then grab ipcop-pglinux-1.5beta.zip from here.

Protect SSH from brute force attacks

Posted on June 4th, 2008 in Networking, Security by admin

pam_abl provides automatic blacklisting of hosts and users responsible for repeated failed authentication attempts. It is generally configured so that blacklisted users still see normal login prompts but are guaranteed to fail to authenticate.

Brute force password discovery attacks involve repeated attempts to authenticate against a service using a dictionary of common passwords. While it is desirable to enforce strong passwords for users, this is not always possible, and in cases where a weak password has been used, brute force attacks can be effective.

The pam_abl module monitors failed authentication attempts and automatically blacklists those hosts (and accounts) that are responsible for large numbers of failed attempts. Once a host is blacklisted it is guaranteed to fail authentication even if the correct credentials are provided.

Blacklisting is triggered when the number of failed authentication attempts in a particular period of time exceeds a predefined limit. Hosts which stop attempting to authenticate will, after a period of time, be un-blacklisted.

Download: Here

How to change the hostname of a Linux system

Posted on June 3rd, 2008 in Basics, Linux+, Networking by admin

Normally we set the hostname of a system during the installation process. Many people don’t care about this, and don’t change the hostname even if, for example, it was set to something really stupid by the datacenter that installed the system (most likely they will set it to “debian” on any Debian installation, etc). For me, it is important to see a different, relevant hostname on each of the SSH screens I have open at any time, so that I can quickly tell which system I am logged in to.

Defeat Nmap OS Fingerprinting with ippersonality & iplog

Posted on June 2nd, 2008 in Networking, Security by admin

Remote OS fingerprinting is becoming more and more important, not only for security pen-testers, but for the black-hat. Because Nmap is gaining popularity as the tool for guessing which OS is running on a remote system, some security tools have been developed to fool Nmap’s OS fingerprinting. This document describes a solution to defeat Nmap and behave like another chosen operating system, as well as a demonstration of how this can be accomplished.

Avoid Detection with nmap Port Scan Decoys

Posted on June 2nd, 2008 in Cracking, Networking by admin

nmap has a -D option, called a decoy scan. With the -D option, it appears to the remote host that the host(s) you specify as decoys are scanning the target network too. Thus their IDS might report 5-10 port scans from unique IP addresses, but they won’t know which IP was scanning them and which were innocent decoys. While this can be defeated through router path tracing, response-dropping, and other active mechanisms, it is generally an effective technique for hiding your IP address.
